1、找出/proc/meminfo文件中,所有以大写或小写S开头的行;至少有三种实现方式**
[root@HFJ audit]# grep -i ^s /proc/meminfo
SwapCached: 0 kB
SwapTotal: 1023992 kB
SwapFree: 1023992 kB
Shmem: 248 kB
Slab: 101952 kB
SReclaimable: 45604 kB
SUnreclaim: 56348 kB
[root@HFJ audit]# grep ^[Ss] /proc/meminfo
SwapCached: 0 kB
SwapTotal: 1023992 kB
SwapFree: 1023992 kB
Shmem: 248 kB
Slab: 101956 kB
SReclaimable: 45604 kB
SUnreclaim: 56352 kB
[root@HFJ audit]# `egrep "^S|^s" /proc/meminfo`
SwapCached: 0 kB
SwapTotal: 1023992 kB
SwapFree: 1023992 kB
Shmem: 248 kB
Slab: 101956 kB
SReclaimable: 45604 kB
SUnreclaim: 56352 kB
[root@HFJ audit]# grep -v ^[^SS] /proc/meminfo
SwapCached: 0 kB
SwapTotal: 1023992 kB
SwapFree: 1023992 kB
Shmem: 248 kB
Slab: 101952 kB
SReclaimable: 45604 kB
SUnreclaim: 56348 kB
2、显示当前系统上root、centos或user1用户的相关信息;
[root@HFJ audit]# egrep "^root|^centos|^user1" /etc/passwd
root:x:0:0:tuser0,yizhuang 101 room,12312312,1111111:/root:/bin/bash
centos:x:4005:4005::/home/centos:/bin/bash
user1:x:4006:4006::/home/user1:/bin/bash
找出/etc/rc.d/init.d/functions文件中某单词后面跟一个小括号的行;
cat /etc/rc.d/init.d/functions |grep -w "[[:alpha:]]\+()"
checkpid() {
daemon() {
killproc() {
pidfileofproc() {
pidofproc() {
status() {
success() {
failure() {
passed() {
warning() {
action() {
strstr() {
confirm() {
[root@HFJ audit]# cat /etc/rc.d/init.d/functions |grep "\<[[:alpha:]]\+()"
checkpid() {
daemon() {
killproc() {
pidfileofproc() {
pidofproc() {
status() {
success() {
failure() {
passed() {
warning() {
action() {
strstr() {
confirm() {
[root@HFJ audit]# cat /etc/rc.d/init.d/functions |grep "\<[[:alpha:]]\+\>()"
checkpid() {
daemon() {
killproc() {
pidfileofproc() {
pidofproc() {
status() {
success() {
failure() {
passed() {
warning() {
action() {
strstr() {
confirm() {
3、使用echo命令输出一绝对路径,使用egrep取出基名;
[root@HFJ audit]# echo /etc/rc.d/init.d/functions |egrep [^/]+$
/etc/rc.d/init.d/functions
[root@HFJ audit]# echo /etc/rc.d/init.d/functions |egrep [^/]+[/]?$
/etc/rc.d/init.d/functions
5、找出ifconfig命令结果中的1-255之间的数值;
[root@HFJ audit]# ifconfig |egrep "\<[[:digit:]]{1,2}\>|\<1[[:digit:]]{2}\>|\<2[0-4][0-9]\>|\<25[0-5]\>"
bond0 Link encap:Ethernet HWaddr 00:0C:29:21:6F:D9
inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe21:6fd9/64 Scope:Link
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
RX packets:175980 errors:14 dropped:17 overruns:0 frame:0
TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:15987550 (15.2 MiB) TX bytes:1200 (1.1 KiB)
eth0 Link encap:Ethernet HWaddr 00:0C:29:21:6F:BF
inet addr:192.168.3.250 Bcast:192.168.3.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe21:6fbf/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:608281 errors:0 dropped:0 overruns:0 frame:0
TX packets:431714 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:46518755 (44.3 MiB) TX bytes:61328703 (58.4 MiB)
Interrupt:19 Base address:0x2000
eth1 Link encap:Ethernet HWaddr 00:0C:29:21:6F:D9
UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
RX packets:169177 errors:0 dropped:0 overruns:0 frame:0
TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:15508186 (14.7 MiB) TX bytes:1200 (1.1 KiB)
Interrupt:17 Base address:0x2400
eth2 Link encap:Ethernet HWaddr 00:0C:29:21:6F:D9
UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
RX packets:6803 errors:14 dropped:17 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:479364 (468.1 KiB) TX bytes:0 (0.0 b)
Interrupt:16 Base address:0x2080
6、找出ifconfig命令结果中的IP地址;
[root@HFJ ~]# ifconfig |grep -w inet
inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
inet addr:192.168.3.250 Bcast:192.168.3.255 Mask:255.255.255.0
inet addr:192.168.70.253 Bcast:192.168.70.255 Mask:255.255.255.0
inet addr:127.0.0.1 Mask:255.0.0.0
[root@HFJ ~]# ifconfig |grep -w inet|egrep -o "inet addr:[^[:space:]]+\>"
inet addr:192.168.1.100
inet addr:192.168.3.250
inet addr:192.168.70.253
inet addr:127.0.0.1
[root@HFJ ~]# ifconfig |grep -w inet|egrep -o "inet addr:[^[:space:]]+\>"|egrep "\<[0-9].*$"
inet addr:192.168.1.100
inet addr:192.168.3.250
inet addr:192.168.70.253
inet addr:127.0.0.1
[root@HFJ ~]# ifconfig |grep -w inet|egrep -o "inet addr:[^[:space:]]+\>"|egrep -o "\<[0-9].*$"
192.168.1.100
192.168.3.250
192.168.70.253
127.0.0.1
7、添加用户bash, testbash, basher以及nologin(其shell为/sbin/nologin);而后找出/etc/passwd文件中用户名同shell名的行;
[root@HFJ ~]# egrep "(^[^:]+\>)" /etc/passwd
root:x:0:0:tuser0,yizhuang 101 room,12312312,1111111:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
[root@HFJ ~]# egrep "(^[^:]+\>).*\1$" /etc/passwd
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
nologin:x:4010:4010::/home/nologin:/sbin/nologin